MATH
Login Or Sign up

Idea for running the quadratic sieve in a sub-quadratic space like the general field sieve

95 Views Asked by At

Quadratic sieve is an improvement for the Dixon's factorization method, it is searching for b-smooth values on the polynomial $ax^2-bx+c$ (See the hypercube idea) where $ax^2-bx+c$ is of the size of $N^\frac{1}{2}$. I got an idea of how to reduce this size to $N^\frac{1}{3}$. By doing this I hope to dramatically improve QS running time.

Let $N$ be the number we wish to factor.

  • Let $F(x)=x^2−N^2=(x+N)(x−N)$
  • Let $H(x) = F(f^2db−N+f^2dx)$ where $b,d,f$ are positive integeres

$$H(x)=(f^2db−N+f^2dx+N)(f^2db−N+f^2dx−N)=f^2d(b+x)(f^2db+f^2dx−2N)$$

  • Let $f^2db−2N=−c^2$
  • Let $Q(x)=H(dx^2)$

$$Q(x)=f^2d(b+dx^2)(f^2db+(fdx)^2−2N)=f^2d(b+dx^2)((fdx)^2−c^2)=f^2d(b+dx^2)(fdx−c)(fdx+c)$$

If we manage to set up the system such that $b,fd \approx N^\frac{1}{3}$(it implies that $d=1$), then we will be working on 3 polynomial of the size of $N^\frac{1}{3}$. We can use the same sieving and congruence of square technics as we used in QS, with one additional requirement that all of the three polynomials need to smooth in order for some $Q(x)$ to be smooth.

This idea raises two questions:

  1. How to pick $b,c,d,f$?
  2. How much harder is it to sieve on three polynomials compare to one?

While I still need help with 2, I found an answer for 1.

  • Pick a prime $p$ in quadratic residue mod $2N$ with a size about $N^\frac{1}{6}$,
  • Find what is the smallest $c$ in $f`(c)=f^2db=N-c^2$ that is going to be divisible by this prime. It can be efficiently computed using Tonelli's 1891 note.
  • Then you got a $c$ of the size of $N^\frac{1}{3}$ and $f$ of the size of $N^\frac{1}{6}$ and $db$ of the size of $N^\frac{3}{6}$, with some luck and repeating this process multiple times, it's possible to extract a square out of $db$ such that $f$ becomes $N^\frac{1}{3}$

I tested this idea with a random 300 bits numbers, my code is far from being optimized, but after running for an hour I was able to generate $f$ of $73$ bits. This already allows making a sub-quadratic setup with b 116 bits, $f$ 73 bits, and $d$ 40 bits.

 - N 1656661855224614241967626091052145902421605836026342398847614444684800200797305356470390167
 - c 570181232531678014712574953020
 - f 6934515693275786467781
 - db 68901963423007279523881523815951134611979711694

Please tell me what do you think about this idea and help me solving 2.

probability-theory elementary-number-theory factoring computational-complexity sieve-theory
Original Q&A

Related Questions in PROBABILITY-THEORY

Related Questions in ELEMENTARY-NUMBER-THEORY

Related Questions in FACTORING

Related Questions in COMPUTATIONAL-COMPLEXITY

Related Questions in SIEVE-THEORY

Trending Questions

Popular # Hahtags

second-order-logic numerical-methods puzzle logic probability number-theory winding-number real-analysis integration calculus complex-analysis sequences-and-series proof-writing set-theory functions homotopy-theory elementary-number-theory ordinary-differential-equations circles derivatives game-theory definite-integrals elementary-set-theory limits multivariable-calculus geometry algebraic-number-theory proof-verification partial-derivative algebra-precalculus

Popular Questions

Copyright © 2021 JogjaFile Inc.